Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2019-1579

Published: 19/07/2019 Updated: 24/08/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Paloaltonetworks

Vulnerability Summary

Remote Code Execution in PAN-OS 7.1.18 and previous versions, PAN-OS 8.0.11-h1 and previous versions, and PAN-OS 8.1.2 and previous versions with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote malicious user to execute arbitrary code.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

paloaltonetworks pan-os

Vendor Advisories

Palo Alto Networks Security Advisory: CVE-2019-1579 Remote Code Execution in GlobalProtect Portal/Gateway Interface
CVE-2019-1579 Remote Code Execution in GlobalProtect Portal/Gateway Interface ...

Github Repositories

https://github.com/fischbach/gp_vulnerability

Create a profile for the GP vulnerability #54582

gp_vulnerability Create a profile for the GP vulnerability #54582 CVE-2019-1579: an example, where vulnerability protection signature #54582 was released in content version 8173*, released on 7/18/2019 to detect and prevent attempted attacks The vulnerability affected GlobalProtect portal and gateway services This document assumes that the firewall is already configured and u

Recent Articles

Palo Alto gateway security alert, FSB hack, scourge of data-stealing web plugins, and more
The Register • Shaun Nichols in San Francisco • 21 Jul 2019

A summary of computer security news for you, delivered rapid-fire-style

Roundup Let's catch up with all the recent infosec news beyond what we've already covered. If you're using Palo Alto Network's GlobalProtect Portal or Gateway, ensure you're using the latest version of the software. The biz quietly issued a maintenance update to close a security hole – a trivial string formatting vulnerability no less – that can be potentially exploited by miscreants to hijack installations of the code over the network or internet. This is a pre-authentication remote-code ex...

Read more...

References

CWE-134http://www.securityfocus.com/bid/109310https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010https://devco.re/blog/2019/07/17/attacking-ssl-vpn-part-1-PreAuth-RCE-on-Palo-Alto-GlobalProtect-with-Uber-as-case-study/https://security.paloaltonetworks.com/CVE-2019-1579https://nvd.nist.govhttps://github.com/fischbach/gp_vulnerabilityhttps://www.theregister.co.uk/2019/07/21/security_roundup_190719/https://security.paloaltonetworks.com/Home/Detail/158
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook